LLM Loop Breaker

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is mostly aligned with its stated defensive purpose, but it modifies the gateway and starts a persistent watchdog that can automatically kill processes using broad heuristics.

Review this before installing on any shared or production host. It is not clearly malicious, and its behavior matches a defensive watchdog, but it modifies the OpenClaw gateway, launches a long-running background daemon, may install packages, stores incident logs, and can automatically kill gateway child processes. Use it only if you want those controls and can tolerate possible false-positive terminations.

Static analysis

Dangerous exec

Critical
Finding
Shell command execution detected (child_process).

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A false positive or an unintended process match could terminate legitimate gateway child processes and disrupt service.

Why it was flagged

The watchdog can terminate processes, but the visible process selection logic relies on broad string matching instead of a tightly scoped configured gateway path or PID.

Skill content

detects poison-pill processes and memory leaks in the gateway's child tree, and kills offenders ... if (('openclaw' in cmdline_str and 'gateway' in cmdline_str) or 'openclaw.mjs' in cmdline_str or 'openclaw-gateway' in name): gateway_pid = p.info['pid']

Recommendation

Run only on a dedicated gateway host, and prefer a version that binds the watchdog to an explicit configured gateway PID/path with a dry-run or alert-only mode.

What this means

After deployment and gateway restart, the watchdog can keep running in the background until manually stopped.

Why it was flagged

The deploy script injects startup code into openclaw.mjs that launches a background watchdog daemon.

Skill content

cat >> "${TARGET_FILE}" << 'INJECT' ... execSync(`nohup python3 "${distDir}host-resource-watchdog.py" > "${logDir}/host_watchdog.log" 2>&1 &`);

Recommendation

Make sure you are comfortable with a persistent watchdog before installing, and document a clear stop/uninstall procedure for your environment.

What this means

Installation may modify the host Python/system package environment and depends on the package source available at install time.

Why it was flagged

The deploy script may install psutil through the system package manager or pip, without a pinned version in the script.

Skill content

apt-get update -qq && apt-get install -y -qq python3-psutil ... python3 -m pip install psutil

Recommendation

Review dependency installation, pin psutil where possible, and install through your normal trusted package management process.

What this means

Local incident files could retain sensitive host details or later be read as context by other workflows.

Why it was flagged

System log excerpts may contain sensitive or untrusted operational text and are stored persistently under the OpenClaw workspace memory area.

Skill content

Incident snapshots capture `journalctl` and `dmesg` excerpts into `~/.openclaw/workspace/memory/core/incidents/`.

Recommendation

Limit retention, sanitize incident logs where needed, and avoid automatically treating stored log text as trusted instructions.